CVE-2025-9102
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-18
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2025-08-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9102
EUVD
EUVD-2025-25112
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mail mail.com 8.8.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-926 The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-9102 is a vulnerability in the 1&1 Mail & Media mail.com Android app version 8.8.0, caused by improper export of Android application components in the AndroidManifest.xml file. This flaw allows malicious local applications to hijack tasks and inherit the permissions of the mail.com app by exploiting improperly restricted components. Attackers can use this to perform phishing attacks and steal login credentials by taking over app tasks. The vulnerability affects Android versions prior to Android 11 and requires local access to the device to exploit. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing a malicious local application to hijack tasks of the mail.com app and inherit its permissions. This can lead to unauthorized access to sensitive data, such as login credentials, through phishing attacks. It compromises the confidentiality, integrity, and availability of the app's data and functionality. Since the exploit is publicly available and easy to execute, it poses a real risk if the device is compromised locally. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by analyzing the AndroidManifest.xml file of the 1&1 Mail & Media mail.com app (version 8.8.0) on the device to check for improperly exported components. Since the attack requires local access, you can inspect the app's manifest for exported components without proper restrictions. Additionally, Google hacking techniques such as searching for "inurl:AndroidManifest.xml" can help identify vulnerable targets online. There is a publicly available proof-of-concept exploit on GitHub that can be used to verify the vulnerability. Specific commands to inspect the manifest on a rooted device or emulator include using 'adb shell' to pull the APK and then using 'aapt dump xmltree' or 'apktool' to analyze the AndroidManifest.xml file. [2, 1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected mail.com Android app version 8.8.0 with an alternative mail application, as no official vendor patch or countermeasures have been published. If you have control over the app source, modifying the AndroidManifest.xml to properly restrict component export settings and prevent unauthorized task hijacking is necessary. Until a fix is available, avoid installing or using the vulnerable app on devices, and restrict local access to the device to prevent exploitation. [2, 1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart